Difference between revisions of "Mod:Sandbox Model"
From Roll20 Wiki
Andreas J. (Talk | contribs) m |
Andreas J. (Talk | contribs) m |
||
Line 2: | Line 2: | ||
{{apibox}} | {{apibox}} | ||
{{API dev}} | {{API dev}} | ||
− | The Roll20 | + | The Roll20 MOds functions by running a special server-side virtual machine for each campaign. This provides a '''sandbox''' where your custom scripts can run without any danger of them affecting other user's campaigns. In addition, this provides a layer of security which prevents a malicious [[GM]] from writing scripts which could do bad things like access a [[player]]'s computer or stall their computer with an infinite loop. |
See also: '''[[Mod Scripts Major Update 2024]]''' | See also: '''[[Mod Scripts Major Update 2024]]''' | ||
Line 9: | Line 9: | ||
If you're curious in the technical details of how the API functions, here's a brief diagram: | If you're curious in the technical details of how the API functions, here's a brief diagram: | ||
− | '''User-written scripts''' ===> '''API Server''' ===> '''Campaign Sandbox''' <===> '''Real-Time Sync Server''' | + | '''User-written scripts''' ===> '''Mod/API Server''' ===> '''Campaign Sandbox''' <===> '''Real-Time Sync Server''' |
− | The Roll20 | + | The Roll20 Mod Server listens for activity on your campaign. When it detects that people are using your campaign, it spins up a sandbox for your campaign and loads any API scripts that you have written into the sandbox. The sandbox can receive and send data directly to the real-time sync server, which allows it to respond to events and make changes to the game. |
==Restrictions from Normal Javascript== | ==Restrictions from Normal Javascript== | ||
While Roll20 scripts are [[Javascript]], there are some restrictions you should be aware of if you're used to programing Javascript for websites. Roll20 scripts are executed in a separate sandbox from the Roll20 site. This provides an additional layer of separation and security for our system and your players. This sandbox means that: | While Roll20 scripts are [[Javascript]], there are some restrictions you should be aware of if you're used to programing Javascript for websites. Roll20 scripts are executed in a separate sandbox from the Roll20 site. This provides an additional layer of separation and security for our system and your players. This sandbox means that: | ||
* You cannot make HTTP Requests (AJAX). | * You cannot make HTTP Requests (AJAX). | ||
− | * You cannot load external scripts or libraries (e.g. jQuery). | + | * You cannot load external scripts or libraries (e.g. [[jQuery]]). |
** You have access to the '''[[API:Utility_Functions#Underscore.js|Underscore.js]]''' library (via the <code>_</code> global object) | ** You have access to the '''[[API:Utility_Functions#Underscore.js|Underscore.js]]''' library (via the <code>_</code> global object) | ||
− | * The environment is Javascript, but it is not an environment in a browser, so there is no DOM, page elements, CSS, <code>document</code>, <code>window</code>, etc. | + | * The environment is [[Javascript]], but it is not an environment in a browser, so there is no [https://developer.mozilla.org/en-US/docs/Web/API/Document_Object_Model/Introduction DOM], page elements, CSS, <code>document</code>, <code>window</code>, etc. |
JavaScript used on [[BCS|character sheets]] have more or less the same restrictions. Read more: [[Sheetworkers]]. | JavaScript used on [[BCS|character sheets]] have more or less the same restrictions. Read more: [[Sheetworkers]]. |
Latest revision as of 06:36, 9 June 2024
Page Updated: 2024-06-09 |
Attention: This page is community-maintained. For the official Roll20 version of this article, see the Help Center for assistance: Here .
Roll20 Mod
Use Mods
- Use & Install
- Mod:Script Index & Suggestions
- Short Community Scripts
- Meta Scripts
- User Documentation
- Mod Scripts(Forum)
- Mod Update 2024🆕
- Macro Guide
Mod Development
Reference
- Objects
- Events
- Chat Events & Functions
- Utility Functions
- Function
- Roll20 object
- Token Markers
- Sandbox Model
- Debugging
Cookbook
This is related to Mods, which require Pro info to be able to use.Main Page: Mod:Development |
The Roll20 MOds functions by running a special server-side virtual machine for each campaign. This provides a sandbox where your custom scripts can run without any danger of them affecting other user's campaigns. In addition, this provides a layer of security which prevents a malicious GM from writing scripts which could do bad things like access a player's computer or stall their computer with an infinite loop.
See also: Mod Scripts Major Update 2024
[edit] How it Works
If you're curious in the technical details of how the API functions, here's a brief diagram:
User-written scripts ===> Mod/API Server ===> Campaign Sandbox <===> Real-Time Sync Server
The Roll20 Mod Server listens for activity on your campaign. When it detects that people are using your campaign, it spins up a sandbox for your campaign and loads any API scripts that you have written into the sandbox. The sandbox can receive and send data directly to the real-time sync server, which allows it to respond to events and make changes to the game.
[edit] Restrictions from Normal Javascript
While Roll20 scripts are Javascript, there are some restrictions you should be aware of if you're used to programing Javascript for websites. Roll20 scripts are executed in a separate sandbox from the Roll20 site. This provides an additional layer of separation and security for our system and your players. This sandbox means that:
- You cannot make HTTP Requests (AJAX).
- You cannot load external scripts or libraries (e.g. jQuery).
- You have access to the Underscore.js library (via the
_
global object)
- You have access to the Underscore.js library (via the
- The environment is Javascript, but it is not an environment in a browser, so there is no DOM, page elements, CSS,
document
,window
, etc.
JavaScript used on character sheets have more or less the same restrictions. Read more: Sheetworkers.